<% /**
	* settingsPasswordConfirmation.jsp
	* 
	* Validates a user's new password
	*
	* @author Chris
	*/
%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@page import="b1w1nn1ng.crossf1t.gui.*"%>
<%@page import="b1w1nn1ng.crossf1t.business.*"%>
<%@page import="b1w1nn1ng.crossf1t.db.*"%>
<%@page import="java.security.*"%>
<%@page import="java.math.*"%>

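<%
// Whatever the session holds under "user"; null when no such attribute is set.
User user = (User) session.getAttribute("user");
if (user == null) {
	// This page changes a credential, so refuse outright when the session
	// carries no user instead of failing later on a null reference.
	response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
	return;
}
session.setAttribute("user", user);
%>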
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<title> Change Password </title>
		<jsp:include page="/detectBrowser.jsp" />	
	</head>
	<body>
	
		<div id="container">
		<h1> Change Password </h1> <hr />
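		<%
		// Validates the change-password form (oldPassword, newPassword,
		// verifyPassword). When every check passes, the session's User object is
		// updated and the browser is redirected to the settings page; otherwise
		// the collected problems are printed as a list with a Back button.
		//
		// Only fixed strings are appended to errormsg; no request parameter is
		// echoed back into the page.
		//
		// NOTE(review): nothing in this scriptlet checks the request method or an
		// anti-CSRF token -- confirm the form posts and that a token is verified
		// before this page runs.
		StringBuilder errormsg = new StringBuilder();

		// A missing parameter is treated like an empty field instead of failing
		// with a NullPointerException.
		String oldPassword = request.getParameter("oldPassword");
		oldPassword = (oldPassword == null) ? "" : oldPassword.trim();
		String newPassword = request.getParameter("newPassword");
		if (newPassword == null) {
			newPassword = "";
		}
		String verifyPassword = request.getParameter("verifyPassword");
		if (verifyPassword == null) {
			verifyPassword = "";
		}

		if(oldPassword.equals("")) {
			// Test the submitted text itself: a hex digest is never the empty
			// string, so testing the digest could not detect a blank field.
			errormsg.append("<li>Please enter your old password for security purposes</li>");
		} else {
			// NOTE(review): unsalted MD5 is not suitable for storing passwords.
			// It is kept only because the result has to match what
			// user.getPassword() returns; moving to a salted, slow password
			// hash needs a migration of the stored values.
			String REALDEAL = null;
			try {
				MessageDigest pass = MessageDigest.getInstance("MD5");
				// Left unchanged so the digest stays comparable with existing
				// values: platform default charset, and the character count used
				// as the byte count (equal only for single-byte text).
				pass.update(oldPassword.getBytes(),0,oldPassword.length());
				// toString(16) drops leading zeros, so the text can be shorter
				// than 32 characters -- presumably the stored value is produced
				// the same way; verify.
				REALDEAL = new BigInteger(1, pass.digest()).toString(16);
			} catch (NoSuchAlgorithmException e1) {
				e1.printStackTrace();
			}
			// Fail closed: no session user or no digest counts as a mismatch.
			if(user == null || REALDEAL == null || !REALDEAL.equals(user.getPassword())) {
				errormsg.append("<li>The old password you entered was not correct. Please make sure you spelled it properly.</li>");
			}
		}
		if(newPassword.trim().equals("")) {
			errormsg.append("<li>Your new password must be 8 characters or longer</li>");
		} else {
			if(newPassword.length() < 8) 
				errormsg.append("<li>Your new password must be 8 characters or longer</li>");
			if(!Login.isAlphaNumeric(newPassword)) 
				errormsg.append("<li>The new password you entered was invalid: passwords may only contain letters, numbers, and the characters -!*$_</li>");
		}
		if(verifyPassword.trim().equals("")) {
			errormsg.append("<li>Please verify your new password</li>");
		} else {
			if(!newPassword.equals(verifyPassword))
				errormsg.append("<li>Your password did not match your confirmed password. Please make sure you spelled both of them properly.</li>");
		}	
		if(errormsg.length() > 0) {
			out.println("There were one or more problems with changing your password:<br /><ul>");
			out.println(errormsg);
			out.println("</ul>");
			out.println("<input type=\"button\" value=\"Back\" onclick=\"window.location =\'settingsPassword.jsp\'\"/>");
		} else {
			//If we don't have any errors, then we can ship the new password off to the database and
			//then display a confirmation page
			// NOTE(review): the check above compares getPassword() with an MD5 hex
			// digest, but the raw new password is passed here. Confirm that
			// setPassword hashes it; otherwise the next old-password check cannot
			// match and the password is held in clear text.
			user.setPassword(newPassword);
			// Until update() is enabled the change exists only on this session's User object.
			//TODO uncomment this when database works user.update();
			// The redirect is issued after markup has already been written, so it
			// relies on the response buffer not having been flushed yet.
			response.sendRedirect("../settings.jsp");
			// Nothing more should be rendered once the redirect is sent.
			return;
		}
		 %>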
		
		</div>
	</body>
</html>

